Legal claims defining the scope of protection, as filed with the USPTO.
1. A method implemented in a mobile node of generating a network address for communicating over an Internet Protocol (IP) network, the method comprising: generating a backward key chain containing a plurality of backward keys; generating a home address from a first backward key in said backward key chain; and generating a care-of address from a second backward key in said backward key chain preceding the first backward key to logically link said care-of address with said home address; and communicating with another network node over the communication network using the care-of address while the mobile node is in a visited network; and generating a second care-of address of the mobile node from a third backward key in said backward key chain preceding the second backward key to logically link said second care-of address with said home address; and discarding the first care-of address; and communicating with another network node over the communication network using the second care-of address while the mobile node is in a visited network; and wherein generating a backward key chain comprises recursively hashing a secret key to generate a series of backward keys.
2. The method of claim 1 further comprising sending said first and second keys to another network node for authenticating the home address and care-of address of the mobile node.
3. The method of claim 2 wherein sending said first and second keys to another network node comprises: sending said home address and said first key to a home agent in said home network when said mobile node attaches to said home network; and sending said care-of address and said second key to said home agent in a binding update message when said mobile node attaches to a visited network.
4. A network node in a communication network for generating a network address for communicating over an Internet Protocol (IP) network, said network node comprising: a network interface for communicating with other nodes over the communication network; a processor circuit connected to the network interface and configured to: generate a backward key chain containing a plurality of backward keys; generate a home address from a first backward key in said backward key chain; and generate a care-of address from a second backward key in said backward key chain preceding the first backward key to logically link said care-of address with said home address; and communicate with another network node over the communication network using the care-of address while the network node is in a visited network; and generate a second care-of address of the mobile node from a third backward key in said backward key chain preceding the second backward key to logically link said second care-of address with said home address; and discard the first care-of address; and communicate with another network node over the communication network using the second care-of address while the mobile node is in a visited network; and wherein the processor circuit generates a backward key chain by recursively hashing a secret key to generate a series of backward keys.
5. The network node of claim 4 wherein the processor circuit is further configured to send said first and second keys to another network node for authenticating the home address and care-of address of the mobile node.
6. The network node of claim 5 wherein the processor circuit sends said first and second keys to another network node by: sending said home address and said first key to a home agent in said home network when said mobile node attaches to said home network; and sending said care-of address and said second key to said home agent in a binding update message when said mobile node attaches to a visited network.
7. A method implemented by a network node of authenticating network addresses of a mobile node, said method comprising: receiving a first network address generated from a first key in a backward key chain; receiving a second network address generated from a second key in the backward key chain preceding the first key; and authenticating the first and second network addresses by verifying that the first and second keys belong to the same backward key chain; and wherein the first network address comprises a home address for the mobile node and the second network address comprises a care-of address for the mobile node; and wherein generating a backward key chain comprises recursively hashing a secret key to generate a series of backward keys.
8. The method of claim 7 wherein authenticating the first and second network addresses comprises hashing said second backward key one or more times and comparing a result to said first backward key.
9. The method of claim 7 implemented by a home agent wherein receiving first and second network addresses comprises receiving a home address and care-of address of the mobile node in a binding update message.
10. The method of claim 9 further comprising: receiving the first backward key used to generate said home address from said mobile node when said mobile node attaches to said home network; and receiving the second backward key used to generate said care-of address from said mobile node in said binding update message.
11. A network node in a communication network for authenticating network addresses of a mobile node used for communicating over the communication network, said network node comprising: a network interface for communicating with other nodes over the communication network; a processor circuit connected to the network interface and configured to: receive a first network address generated from a first key in a backward key chain; receive a second network address generated from a second key in the backward key chain preceding the first key; and authenticate the first and second network addresses by verifying that the first and second keys belong to the same backward key chain; and wherein the first network address comprises a home address for the mobile node and the second network address comprises a care-of address for the mobile node; and wherein the processor circuit generates a backward key chain by recursively hashing a secret key to generate a series of backward keys.
12. The network node of claim 11 wherein the processor circuit authenticates the first and second network addresses by hashing said second backward key one or more times and comparing a result to said first backward key.
13. The network node of claim 11 configured as a home agent wherein the processor circuit receives the first and second network addresses in a binding update message.
14. The network node of claim 13 wherein the processor circuit is further configured to: receive the first backward key used to generate said home address from said mobile node when said mobile node attaches to said home network; and receive the second backward key used to generate said care-of address from said mobile node in said binding update message.
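The scheme in claims 1, 7 and 8, as an added sketch that is not code from the patent: a mobile node builds the chain by recursive hashing, derives a home address and two successive care-of addresses from keys taken in backward order, and a verifier links them by hashing the later-disclosed key forward. SHA-256, the interface-identifier derivation in `address_from_key`, the step limit, and all names, prefixes and the secret are assumptions; the claims specify none of them.

```python
import hashlib
import hmac
import ipaddress

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # assumed hash; the claims name none

def backward_key_chain(secret: bytes, length: int) -> list:
    """Recursively hash the secret: chain[i + 1] = h(chain[i])."""
    chain = [h(secret)]
    while len(chain) < length:
        chain.append(h(chain[-1]))
    return chain

def address_from_key(prefix: str, key: bytes) -> ipaddress.IPv6Address:
    """Assumed derivation: interface ID = first 64 bits of h(key || prefix)."""
    net = ipaddress.IPv6Network(prefix)
    iid = int.from_bytes(h(key + net.network_address.packed)[:8], "big")
    return net[iid]

def chain_distance(first_key: bytes, preceding_key: bytes, max_steps: int = 16) -> int:
    """Hash preceding_key up to max_steps times; return the step count at
    which it equals first_key, or 0 if the keys are not linked."""
    k = preceding_key
    for step in range(1, max_steps + 1):
        k = h(k)
        if hmac.compare_digest(k, first_key):
            return step
    return 0

def authenticate(home, home_key, home_prefix, coa, coa_key, visited_prefix) -> bool:
    """Verifier side: each address must match its key, and the care-of key
    must hash forward to the home key."""
    return (address_from_key(home_prefix, home_key) == home
            and address_from_key(visited_prefix, coa_key) == coa
            and chain_distance(home_key, coa_key) > 0)

# Constructed sample values (documentation prefixes, throwaway secret).
HOME_PREFIX, VISITED_PREFIX = "2001:db8:a::/64", "2001:db8:b::/64"
CHAIN = backward_key_chain(b"constructed-demo-secret", 4)
HOME_KEY, COA1_KEY, COA2_KEY = CHAIN[3], CHAIN[2], CHAIN[1]  # used last-to-first
HOME = address_from_key(HOME_PREFIX, HOME_KEY)
COA1 = address_from_key(VISITED_PREFIX, COA1_KEY)
COA2 = address_from_key(VISITED_PREFIX, COA2_KEY)

if __name__ == "__main__":
    print(HOME, COA1, COA2)
    print(authenticate(HOME, HOME_KEY, HOME_PREFIX, COA2, COA2_KEY, VISITED_PREFIX))
```

Because the hash is one-way, a party holding only the home key cannot compute the key behind any care-of address, while anyone given a care-of key can recompute every key that follows it in the chain.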
April 29, 2014